Tech Risk & Security

IEEE was and is affecting everyone by defining how bit and bytes transmit. Without a standard, no two machines could talk to each other. In the past, US company were pioneer of technology standard and they were the only voice in standard setting committees. Now China wants to play the game and proposed WAPI standard. However, “In March, delegates representing standard bodies from 25 countries voted in favor of the IEEE's version over WAPI.China appealed the ISO decision and demanded an apology from the IEEE which it accused of "dirty tricks" in lobbying for its standard, Xinhua said.” I am glad to see China government is actively protecting national manufacturers (although most of them are still state-owned) by going to international forum like IEEE. If IEEE does not adopt China-backed WAPI, I believe China will not step down. There will be two standards for wireless transmission. Just like Japan has their PHS mobile phone system.

Local Police is not investigating the reported ransomware case as it MAY fall in the remit of the National High Tech Crime Unit (NHTCU), which was amalgamated into the Serious and Organised Crime Agency (Soca) in April. After reading this news article, I have no clue when or who will investigate this case. It seems in UK the law enforcement have not keep up with cyber crime. The local police said it is international crime and they do not have resources to investigate. The Soca seems only investigate large and organized crimes. So when a crime involves international transactions and not organized, citizen in UK does not have any protection from their government even they report it to police. I believe what happens in UK is similar to elsewhere in the world. Police forces are not ready or willing to surf the wave of cybercrime. The resource to investigate is huge. There may be some wrongly reported cases. The legislation and prosecution is difficult. All are the reaso

A counter-action of last blog : The password for unlocking hijacked-files by Ransomware are widely available online now. One nature of encryption is that there is a one-to-one match of general used encryption softwares/tools. When a hacker distribute his ransomware to the victim, there is one key for encrypting files. There is also one key to unlock these files. Each release of ransomware will share the same unlocking key and this is the weakness of ransomware. When the password is publicly available, the ransomware is useless. However, there maybe multiple releases with different keys. In such case, the hacker will need to keep track of which key corresponding which release. The logistics maybe overwhleming. One direction of development is there is a pattern of generating keys (like using a master key and the username, ip address or computer service patch number). Then the variant of keys of each releases will be multiplied.

From BBC A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back. Do anyone have a glue on how to translate ransomware in Chinese ?